package com.blog.boot.shiro;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.util.Arrays;

/**
 * @author : cailong
 * @since : Created in 下午 5:49 2018/12/21 0021
 */
public class ShiroRolesAuthorizationFilter extends AuthorizationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        String[] obj = (String[]) o;
        if( obj.length == 0){
            return true;
        }
        for (int i = 0; i < obj.length; i++) {
            if(subject.hasRole(obj[i])){
                return true;
            }
        }
        return false;
    }
}
